From ef176dcf7e76c3639571d7c6051246c8fbadf12a Mon Sep 17 00:00:00 2001 From: pennae Date: Sun, 28 Aug 2022 21:18:44 +0200 Subject: nixos/*: automatically convert option descriptions conversions were done using https://github.com/pennae/nix-doc-munge using (probably) rev f34e145 running nix-doc-munge nixos/**/*.nix nix-doc-munge --import nixos/**/*.nix the tool ensures that only changes that could affect the generated manual *but don't* are committed, other changes require manual review and are discarded. --- nixos/modules/security/acme/default.nix | 2 +- nixos/modules/security/apparmor.nix | 24 ++++++++++++------------ nixos/modules/security/auditd.nix | 2 +- nixos/modules/security/pam.nix | 18 +++++++++--------- nixos/modules/security/polkit.nix | 2 +- nixos/modules/security/tpm2.nix | 12 ++++++------ nixos/modules/security/wrappers/default.nix | 2 +- 7 files changed, 31 insertions(+), 31 deletions(-) (limited to 'nixos/modules/security') diff --git a/nixos/modules/security/acme/default.nix b/nixos/modules/security/acme/default.nix index 4e5e3266fe19f..377b543c58136 100644 --- a/nixos/modules/security/acme/default.nix +++ b/nixos/modules/security/acme/default.nix @@ -457,7 +457,7 @@ let ''; }; - enableDebugLogs = mkEnableOption "debug logging for this certificate" // { + enableDebugLogs = mkEnableOption (lib.mdDoc "debug logging for this certificate") // { inherit (defaultAndText "enableDebugLogs" true) default defaultText; }; diff --git a/nixos/modules/security/apparmor.nix b/nixos/modules/security/apparmor.nix index c4eca45325452..0d858a458564d 100644 --- a/nixos/modules/security/apparmor.nix +++ b/nixos/modules/security/apparmor.nix @@ -7,7 +7,7 @@ let inherit (lib) types; inherit (config.environment) etc; cfg = config.security.apparmor; - mkDisableOption = name: mkEnableOption name // { + mkDisableOption = name: mkEnableOption (lib.mdDoc name) // { default = true; example = false; }; @@ -24,7 +24,7 @@ in options = { security.apparmor = { - enable = mkEnableOption '' + enable = mkEnableOption (lib.mdDoc '' the AppArmor Mandatory Access Control system. If you're enabling this module on a running system, @@ -38,9 +38,9 @@ in introducing for the first time an AppArmor profile for the executable of a running process. - Enable + Enable [](#opt-security.apparmor.killUnconfinedConfinables) if you want this service to do such killing - by sending a SIGTERM to those running processes''; + by sending a `SIGTERM` to those running processes''); policies = mkOption { description = lib.mdDoc '' AppArmor policies. @@ -72,23 +72,23 @@ in default = []; description = lib.mdDoc "List of packages to be added to AppArmor's include path"; }; - enableCache = mkEnableOption '' + enableCache = mkEnableOption (lib.mdDoc '' caching of AppArmor policies - in /var/cache/apparmor/. + in `/var/cache/apparmor/`. Beware that AppArmor policies almost always contain Nix store paths, and thus produce at each change of these paths - a new cached version accumulating in the cache''; - killUnconfinedConfinables = mkEnableOption '' + a new cached version accumulating in the cache''); + killUnconfinedConfinables = mkEnableOption (lib.mdDoc '' killing of processes which have an AppArmor profile enabled - (in ) + (in [](#opt-security.apparmor.policies)) but are not confined (because AppArmor can only confine new processes). - This is only sending a gracious SIGTERM signal to the processes, - not a SIGKILL. + This is only sending a gracious `SIGTERM` signal to the processes, + not a `SIGKILL`. Beware that due to a current limitation of AppArmor, - only profiles with exact paths (and no name) can enable such kills''; + only profiles with exact paths (and no name) can enable such kills''); }; }; diff --git a/nixos/modules/security/auditd.nix b/nixos/modules/security/auditd.nix index 9d26cfbcfb10e..db4b2701ee2e9 100644 --- a/nixos/modules/security/auditd.nix +++ b/nixos/modules/security/auditd.nix @@ -3,7 +3,7 @@ with lib; { - options.security.auditd.enable = mkEnableOption "the Linux Audit daemon"; + options.security.auditd.enable = mkEnableOption (lib.mdDoc "the Linux Audit daemon"); config = mkIf config.security.auditd.enable { boot.kernelParams = [ "audit=1" ]; diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index c30cbd23e2971..c4d891333f57b 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -146,8 +146,8 @@ let default = config.users.mysql.enable; defaultText = literalExpression "config.users.mysql.enable"; type = types.bool; - description = '' - If set, the pam_mysql module will be used to + description = lib.mdDoc '' + If set, the `pam_mysql` module will be used to authenticate users against a MySQL/MariaDB database. ''; }; @@ -773,16 +773,16 @@ in } ]; - description = '' + description = lib.mdDoc '' Define resource limits that should apply to users or groups. Each item in the list should be an attribute set with a - domain, type, - item, and value + {var}`domain`, {var}`type`, + {var}`item`, and {var}`value` attribute. The syntax and semantics of these attributes - must be that described in limits.conf5. + must be that described in {manpage}`limits.conf(5)`. Note that these limits do not apply to systemd services, - whose limits can be changed via + whose limits can be changed via {option}`systemd.extraConfig` instead. ''; }; @@ -822,7 +822,7 @@ in ''; }; - security.pam.enableOTPW = mkEnableOption "the OTPW (one-time password) PAM module"; + security.pam.enableOTPW = mkEnableOption (lib.mdDoc "the OTPW (one-time password) PAM module"); security.pam.krb5 = { enable = mkOption { @@ -1145,7 +1145,7 @@ in }; }; - security.pam.enableEcryptfs = mkEnableOption "eCryptfs PAM module (mounting ecryptfs home directory on login)"; + security.pam.enableEcryptfs = mkEnableOption (lib.mdDoc "eCryptfs PAM module (mounting ecryptfs home directory on login)"); users.motd = mkOption { default = null; diff --git a/nixos/modules/security/polkit.nix b/nixos/modules/security/polkit.nix index 0a2d81445ba53..95a2d4d5377a5 100644 --- a/nixos/modules/security/polkit.nix +++ b/nixos/modules/security/polkit.nix @@ -12,7 +12,7 @@ in options = { - security.polkit.enable = mkEnableOption "polkit"; + security.polkit.enable = mkEnableOption (lib.mdDoc "polkit"); security.polkit.extraConfig = mkOption { type = types.lines; diff --git a/nixos/modules/security/tpm2.nix b/nixos/modules/security/tpm2.nix index 903d35b31735f..5a023cec48ee0 100644 --- a/nixos/modules/security/tpm2.nix +++ b/nixos/modules/security/tpm2.nix @@ -17,7 +17,7 @@ let in { options.security.tpm2 = { - enable = lib.mkEnableOption "Trusted Platform Module 2 support"; + enable = lib.mkEnableOption (lib.mdDoc "Trusted Platform Module 2 support"); tssUser = lib.mkOption { description = lib.mdDoc '' @@ -48,9 +48,9 @@ in { }; abrmd = { - enable = lib.mkEnableOption '' + enable = lib.mkEnableOption (lib.mdDoc '' Trusted Platform 2 userspace resource manager daemon - ''; + ''); package = lib.mkOption { description = lib.mdDoc "tpm2-abrmd package to use"; @@ -61,10 +61,10 @@ in { }; pkcs11 = { - enable = lib.mkEnableOption '' + enable = lib.mkEnableOption (lib.mdDoc '' TPM2 PKCS#11 tool and shared library in system path - (/run/current-system/sw/lib/libtpm2_pkcs11.so) - ''; + (`/run/current-system/sw/lib/libtpm2_pkcs11.so`) + ''); package = lib.mkOption { description = lib.mdDoc "tpm2-pkcs11 package to use"; diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix index aa37ec7db4968..88d9c0246f5b4 100644 --- a/nixos/modules/security/wrappers/default.nix +++ b/nixos/modules/security/wrappers/default.nix @@ -189,7 +189,7 @@ in default = "50%"; example = "10G"; type = lib.types.str; - description = '' + description = lib.mdDoc '' Size limit for the /run/wrappers tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax. WARNING: don't set to less than 64MB. ''; -- cgit 1.4.1